Wednesday, May 18, 2016

Accidentally invented - Dos attack using Google Sprdsheets


Panos Ipeirotis, a computer scientists working at New York University,attack on his Amazon web service using Google Sprdsheets and Panos Ipeirotis checked his Amazon Web Services bill last week - its was $1,177.76 !
He had accidentally invented a brand new type of internet attack, thanks to an idiosyncrasy in the online sprdsheets Google runs on its Google Docs service, and he had inadvertently trained this attack on himself. He calls it a Denial of Money attack, and he says others could be susceptible too.
On his personal blog Ipeirotis explained that it all started when he saw that Amazon Web Services was charging him with ten times the usual amount because of large amounts of outgoing traffic.

As part of an experiment in how to use crowdsourcing to erate descriptions of s, he had posted thumbnails of 25,000 pictures into a Google document, and then he invited people to describe the s. The problem was that these thumbnails linked back to original s stored on Amazon’s S3 storage service, and apparently, Google’s servers went slightly bonkers. “Google just very aggressively grabbed the s from Amazon again and again and again,” he says.
After analyzing traffic logs he was able to determine that every hour a total of 250 gigabytes of traffic was sent out because of Google’s Feedfetcher, the mechanism that allows the srch engine to grab RSS or Atom feeds when users add them to Rder or the main page.
After spking with Google representatives, Ipeirotis believes that the company is trying to balance user privacy with a desire to present fresh content. It seems that Google doesn’t want to store the information on its own servers so it uses Feedfetcher to retrieve it every time, thus erating large amounts of traffic.
“Google becomes such a powerful wpon due to a series of perfectly legitimate design decisions,” Ipeirotis wrote in a blog posting on the issue.


Source: THN

No comments:

Post a Comment